When good Chrome extensions go bad

If your Chrome browser is loaded with diverse extensions, or you happen to be an extension developer yourself, then the news about increasing phishing attacks on Chrome add-ons should certainly concern you.

Judging by the tendencies in the cyber world, crooks do not cease to surprise with their inventiveness in hacking and phishing techniques.

Two phishing attacks on popular Chrome extensions within five days serve as another wake-up call for Google to fortify the protection of its most popular product – Chrome.

Foisting adware under the guise of legitimate Chrome add-ons

As users have learned to detect and avoid installing questionable extensions, perpetrators have discovered ways to deliver unwanted malicious content by force. It seems that transforming the legitimate Particle Chrome extension into adware after handing it to a new owner is no longer a novelty.[1]

Now felons take higher risks and hack the accounts of well-known extensions' authors to corrupt the source code of their apps.[2] As a result, they are able to roll out updates which deliver adware, or worse, malware, to unsuspecting users.

What is worse, such cases are not limited to the developers of Copyfish and Web Develop. Maxime Kjaer, a science student, has unraveled a scheme involving Facebook click fraud and corrupted Chrome extensions.[3]

If a credulous Facebook user clicks on a link supposedly sent by one of their contacts, they are led to an adult-content website which asks for verification by enabling a shady extension. Some of these extensions also have access to the user's camera and microphone.

The current cases suggest that racketeers have picked up the strategy to foist annoying ads and links to questionable sites. However, the authors of more elaborate malware may soon take a liking to the phishing technique as well.

Any countermeasures?

It is understandable if you are bewildered right now, wondering how you are supposed to tell the difference between a genuine Chrome extension and its impostor. Ordinary consumers aside, software developers must face the dilemma of how to secure their intellectual property.

Moreover, they might be inclined to do so even more as the Google Support team sends out official warnings about the phishing attacks and fake Google Support emails.[4] Here is their advice:

Pay attention to the sender’s domain name

Enable 2-step verification

Change account passwords regularly (“password123” does not count)

Responding to the account hack and extension corruption cases, Google continues scanning for malicious extensions in the Chrome Web Store. However, it seems that there might be many more of them than expected.